adr-consultation

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by processing Architecture Decision Records (ADRs) from the local file system without sanitization or boundary markers.
  • Ingestion points: ADR files (e.g., adr/*.md) and session metadata (.adr-session.json) are read and passed to reviewer agents as primary context.
  • Boundary markers: Absent. The prompt templates in references/agent-prompts.md interpolate the {full adr content} directly into the agent's instructions.
  • Capability inventory: The skill uses Bash (read, write, delete), Task (parallel agent execution), and Write tools.
  • Sanitization: No validation or escaping is performed on the ADR content before processing.
  • Remediation: Use strict delimiters for interpolated data and provide explicit instructions to agents to ignore any potential instructions embedded within the ADR content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 12:34 PM